CVE-2020-3989Out-of-bounds Write in Vmware Horizon Client

CWE-787Out-of-bounds Write4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 89.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware Horizon ClientVmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedSep 16
Latest updateMay 24

Description

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

NVDvmware/horizon_client5.0.05.4.4
NVDvmware/workstation_pro15.0.016.0.0
NVDvmware/workstation_player15.0.016.0.0

🔴Vulnerability Details

2
GHSA
GHSA-mxr8-pvvp-fw5r: VMware Workstation (152022-05-24
CVEList
CVE-2020-3989: VMware Workstation (152020-09-16

📋Vendor Advisories

1
VMware
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)2020-09-14
CVE-2020-3989 — Out-of-bounds Write in Vmware | cvebase